President Barack Obama’s administration has drafted a potential recipe for sweetening its voluntary corporate cybersecurity program. The program is under development at the White House and is aimed at utility companies and other businesses that are key to U.S. infrastructure.

The White House on Tuesday revealed possible incentives it may use to bring critical infrastructure companies into the program, which would encourage the development of capabilities to mitigate cyber risk. The potential enticements include cybersecurity insurance through agencies, reduced tort liability, easier access to federal grants and technical assistance, public recognition, and utility rate adjustments to help offset cybersecurity investments.

"Over the next few months, agencies will examine these options in detail to determine which ones to adopt and how, based substantially on input from critical infrastructure stakeholders," Michael Daniel, the White House's top cybersecurity adviser, wrote in a blog post announcing the incentives. "We believe that sharing the findings and our plans for continued work will promote transparency and sustain a public conversation about the recommendations. Publishing these agency reports is therefore an interim step and does not indicate the Administration’s final policy position on the recommend actions."

The cybersecurity program is slated to launch after the Obama administration releases in February 2014 a final framework of key practices to address cyber risk. A draft version of the framework is expected in October of this year.

Jamie Barnett, co-chairman of Venable's telecommunications group and a partner in the firm's cybersecurity practice, said the incentives are positive. But he said the White House should consider tax incentives, as well as its constraints on liability limitation without legislation.

"I think it's a great start," Barnett said.

President Obama in February signed an executive order to develop the cybersecurity program and create incentives to make critical infrastructure companies a part of it. He announced the order in his State of the Union speech this year, saying the United States "cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy."

The order came after cybersecurity legislation stalled last year. Congressional Republicans were worried the legislation would create new government regulations for companies, while Democrats worried about privacy concerns. Senate Homeland Security and Governmental Affairs Committee Chairman Tom Carper (D-Del.) and other lawmakers have filed cybersecurity bills again this year.

                                                                                                                                                                                    (Source: www.law.com)